No need to rush the transition to the cloud

By John Stein Monroe

Jan 15, 2012

The conversation about cloud computing in government has taken a new direction, courtesy of the National Defense Authorization Act for fiscal 2012.

In the past several years, technology experts in government and industry have debated whether commercial cloud computing services are secure enough to meet the needs of federal agencies. Some people have argued that agencies would be better off developing their own cloud offerings and sacrificing some cost-efficiency for the sake of better security.

But lawmakers disagree. As part of the Defense Authorization bill, they are directing the Defense Department to make the leap from department-owned operations to commercially available cloud computing services “that provide a better capability at a lower cost with the same or greater degree of security.” You can expect similar directives for civilian agencies.

As a result, acquisition policy is likely to become the most pressing topic of conversation as federal officials seek to become better-versed in the particularities of cloud procurements.

Security is the overriding concern. Federal officials want to ensure that government data is stored and managed in compliance with existing security requirements. The policies are well-known; the question is how to translate them into clear and enforceable contract language.

Case in point: Officials at the General Services Administration ran into problems with their e-mail-as-a-service procurement when they tried to limit where government data could reside. Several bidders lodged a protest, which the Government Accountability Office upheld. In their decision, GAO auditors said GSA’s security concerns were legitimate but concluded that the provisions were ambiguously worded. The solicitation has been reworked, with awards expected in the spring.

Ambiguous security provisions could lead to protests in some cases and lousy security in others. Procurement officials should not let the Obama administration’s cloud-first policy rush them into deals that they might later regret.

About the Author

John Monroe is Senior Events Editor for the 1105 Public Sector Media Group, where he is responsible for overseeing the development of content for print and online content, as well as events. John has more than 20 years of experience covering the information technology field. Most recently he served as Editor-in-Chief of Federal Computer Week. Previously, he served as editor of three sister publications: civic.com, which covered the state and local government IT market, Government Health IT, and Defense Systems.